CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
11 Feb 2007 — Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyect... • http://codex.wordpress.org/Version_3.0.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2007-0540 – WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
https://notcve.org/view.php?id=CVE-2007-0540
29 Jan 2007 — WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. WordPress permite a atacantes remotos provocar una denegación de servicio (agotamiento de ancho de banda o hilos) mediante llamadas al servicio de pingback con un URI origen que corresponde a un archivo con un tipo de contenido binario, que es... • https://www.exploit-db.com/exploits/29522 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0541 – WordPress Core < 2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-0541
24 Jan 2007 — WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. WordPress permite a atacantes remotos determinar la existencia de archivos de su elección, y posiblemente leer porciones de determinados... • http://securityreason.com/securityalert/2191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0195 – WordPress Core < 2.1 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2008-0195
22 Jan 2007 — WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. WordPress 2.0.11 y anteriores permite a atacantes remotos obtener información sensible mediante un valor vacío del parámetro page a ciertas secuencias de comandos PHP bajo wp-admin/, lo cual revela la ruta en varios mensajes de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0539 – WordPress Core < 2.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2007-0539
22 Jan 2007 — The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. La función wp_remote_fopen en WordPress anterior a versión 2.1 permite a los atacantes remotos causar una denegación de servicio (ancho de banda o consumo del hilo) por medio de llamadas de servicio pingback con un URI fuent... • http://securityreason.com/securityalert/2191 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 4%CPEs: 19EXPL: 1CVE-2007-0233 – WordPress Core < 2.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-0233
13 Jan 2007 — wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. wp-trackback.ph... • https://www.exploit-db.com/exploits/3109 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-0107 – WordPress Core <= 2.0.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-0107
05 Jan 2007 — WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. WordPress anterior a 2.0.6, cuando mbstring está habilitado para PHP, decodifica juegos de caracteres alternativos tras escapar la petición SQL, lo cual permite a atacantes remotos evitar los esquemas de protección contra inyecció... • https://www.exploit-db.com/exploits/3095 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 2%CPEs: 18EXPL: 2CVE-2006-6808 – WordPress Core <= 2.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6808
28 Dec 2006 — Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. Vulnerabilidad de XSS en wp-admin/templates.php en WordPress 2.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de archivo. NOTA: algunas fuentes han i... • https://www.exploit-db.com/exploits/29356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6017 – WordPress Core <= 2.0.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2006-6017
27 Oct 2006 — WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. WordPress anterior a 2.0.5 no almacena adecuadamente un perfil que contiene una representación de un objeto serializado en una cadena, lo cual permite a usuarios r... • http://bugs.gentoo.org/show_bug.cgi?id=153303 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5705 – WordPress Core <= 2.0.4 - Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5705
27 Oct 2006 — Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. Vulnerabilidad de directorio transversal en plugins/wp-db-backup.php en WordPress anterior a 2.0.5 permite a un atacante remoto leer ficheros de su elección a través de secuencias de directorio transversal en parámetros no especificados relacion... • http://bugs.gentoo.org/show_bug.cgi?id=153303 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •